diff options
Diffstat (limited to 'src/util')
-rw-r--r-- | src/util/Makefile.am | 6 | ||||
-rw-r--r-- | src/util/anastasis-config.c | 6 | ||||
-rw-r--r-- | src/util/anastasis-config.in | 5 | ||||
-rw-r--r-- | src/util/anastasis-crypto-tvg.c | 32 | ||||
-rw-r--r-- | src/util/anastasis_crypto.c | 151 | ||||
-rw-r--r-- | src/util/os_installation.c | 4 | ||||
-rw-r--r-- | src/util/pin.c | 84 | ||||
-rw-r--r-- | src/util/test_anastasis_crypto.c | 28 |
8 files changed, 218 insertions, 98 deletions
diff --git a/src/util/Makefile.am b/src/util/Makefile.am index 22c7a1c..29d2b13 100644 --- a/src/util/Makefile.am +++ b/src/util/Makefile.am @@ -26,6 +26,9 @@ anastasis-config: anastasis-config.in chmod a-w+x $@.tmp && \ mv $@.tmp $@ +CLEANFILES = \ + anastasis-config + bin_SCRIPTS = \ anastasis-config @@ -34,7 +37,8 @@ lib_LTLIBRARIES = \ libanastasisutil_la_SOURCES = \ anastasis_crypto.c \ - os_installation.c + os_installation.c \ + pin.c libanastasisutil_la_LIBADD = \ -lgnunetutil \ $(LIBGCRYPT_LIBS) \ diff --git a/src/util/anastasis-config.c b/src/util/anastasis-config.c index 0c2cb29..34574d1 100644 --- a/src/util/anastasis-config.c +++ b/src/util/anastasis-config.c @@ -3,16 +3,16 @@ Copyright (C) 2012-2021 Anastasis Systems SA Anastasis is free software: you can redistribute it and/or modify it - under the terms of the GNU Affero General Public License as published + under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. + General Public License for more details. - You should have received a copy of the GNU Affero General Public License + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. SPDX-License-Identifier: AGPL3.0-or-later diff --git a/src/util/anastasis-config.in b/src/util/anastasis-config.in index 0e94921..6657540 100644 --- a/src/util/anastasis-config.in +++ b/src/util/anastasis-config.in @@ -7,6 +7,7 @@ if ! type gnunet-config >/dev/null; then exit 1 fi -GC=`which gnunet-config` -export LD_PRELOAD=${LD_PRELOAD:-}:%libdir%/libanastasisutil.so +GC=$(which gnunet-config) +SO=$(ls %libdir%/libanastasisutil.so.* | sort -n | tail -n1) +export LD_PRELOAD=${LD_PRELOAD:-}:${SO} exec gnunet-config "$@" diff --git a/src/util/anastasis-crypto-tvg.c b/src/util/anastasis-crypto-tvg.c index b426ee5..d5fc4c1 100644 --- a/src/util/anastasis-crypto-tvg.c +++ b/src/util/anastasis-crypto-tvg.c @@ -3,14 +3,14 @@ Copyright (C) 2020,2021 Anastasis SARL Anastasis is free software; you can redistribute it and/or modify it under the - terms of the GNU Lesser General Public License as published by the Free Software + terms of the GNU General Public License as published by the Free Software Foundation; either version 3, or (at your option) any later version. Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR - A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. + A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU Affero General Public License along with + You should have received a copy of the GNU General Public License along with Anastasis; see the file COPYING.GPL. If not, see <http://www.gnu.org/licenses/> */ @@ -134,24 +134,6 @@ d2j_append (json_t *arr, d, \ sizeof (*d)); -/** - * Add a number to a test vector. - * - * @param vec test vector to add to - * @param label label for the value - * @param data data to add - * @param size size of data - */ -static void -uint2j (json_t *vec, - const char *label, - unsigned int num) -{ - json_t *json = json_integer (num); - - json_object_set_new (vec, label, json); -} - static int expect_data_fixed (json_t *vec, @@ -356,7 +338,7 @@ output_vectors () { json_t *vec = vec_for (vecs, "user_identifier_derive"); - struct ANASTASIS_CRYPTO_ProviderSaltP server_salt; + struct ANASTASIS_CRYPTO_ProviderSaltP provider_salt; struct ANASTASIS_CRYPTO_UserIdentifierP id; json_t *id_data = json_pack ("{s:s, s:s}", "name", @@ -364,13 +346,13 @@ output_vectors () "ssn", "AB123"); GNUNET_assert (NULL != id_data); - random_auto (&server_salt); + random_auto (&provider_salt); ANASTASIS_CRYPTO_user_identifier_derive (id_data, - &server_salt, + &provider_salt, &id); json_object_set_new (vec, "input_id_data", id_data); - d2j_auto (vec, "input_server_salt", &server_salt); + d2j_auto (vec, "input_provider_salt", &provider_salt); d2j_auto (vec, "output_id", &id); } diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c index f5e6c77..579f097 100644 --- a/src/util/anastasis_crypto.c +++ b/src/util/anastasis_crypto.c @@ -3,14 +3,14 @@ Copyright (C) 2020 Anastasis SARL Anastasis is free software; you can redistribute it and/or modify it under the - terms of the GNU Lesser General Public License as published by the Free Software + terms of the GNU General Public License as published by the Free Software Foundation; either version 3, or (at your option) any later version. Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR - A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. + A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU Affero General Public License along with + You should have received a copy of the GNU General Public License along with Anastasis; see the file COPYING.GPL. If not, see <http://www.gnu.org/licenses/> */ /** @@ -41,6 +41,10 @@ ANASTASIS_hash_answer (uint64_t code, GNUNET_CRYPTO_hash (cbuf, strlen (cbuf), hashed_code); + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Hashed answer %llu to %s\n", + (unsigned long long) code, + GNUNET_h2s (hashed_code)); } @@ -91,28 +95,23 @@ derive_key (const void *key_material, const char *salt, struct ANASTASIS_CRYPTO_SymKeyP *key) { - if (GNUNET_YES != - GNUNET_CRYPTO_kdf (key, - sizeof (struct ANASTASIS_CRYPTO_SymKeyP), - /* salt / XTS */ - nonce, - sizeof (struct ANASTASIS_CRYPTO_NonceP), - /* ikm */ - key_material, - key_m_len, - /* info chunks */ - /* The "salt" passed here is actually not something random, - but a protocol-specific identifier string. Thus - we pass it as a context info to the HKDF */ - salt, - strlen (salt), - NULL, - 0)) - { - // FIXME: Huh?! Why would we continue here? - GNUNET_break (0); - return; - } + GNUNET_assert (GNUNET_YES == + GNUNET_CRYPTO_kdf (key, + sizeof (*key), + /* salt / XTS */ + nonce, + sizeof (*nonce), + /* ikm */ + key_material, + key_m_len, + /* info chunks */ + /* The "salt" passed here is actually not something random, + but a protocol-specific identifier string. Thus + we pass it as a context info to the HKDF */ + salt, + strlen (salt), + NULL, + 0)); } @@ -170,8 +169,9 @@ anastasis_encrypt (const struct ANASTASIS_CRYPTO_NonceP *nonce, * @param salt salt value which is used for key derivation * @param[out] res plaintext output * @param[out] res_size size of the plaintext + * @return #GNUNET_OK on success */ -static void +static enum GNUNET_GenericReturnValue anastasis_decrypt (const void *key, size_t key_len, const void *data, @@ -184,8 +184,11 @@ anastasis_decrypt (const void *key, struct ANASTASIS_CRYPTO_SymKeyP skey; size_t plaintext_size; - GNUNET_assert (data_size >= crypto_secretbox_NONCEBYTES - + crypto_secretbox_MACBYTES); + if (data_size < crypto_secretbox_NONCEBYTES + crypto_secretbox_MACBYTES) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } nonce = data; derive_key (key, key_len, @@ -204,14 +207,16 @@ anastasis_decrypt (const void *key, { GNUNET_break (0); GNUNET_free (*res); + return GNUNET_SYSERR; } + return GNUNET_OK; } void ANASTASIS_CRYPTO_user_identifier_derive ( const json_t *id_data, - const struct ANASTASIS_CRYPTO_ProviderSaltP *server_salt, + const struct ANASTASIS_CRYPTO_ProviderSaltP *provider_salt, struct ANASTASIS_CRYPTO_UserIdentifierP *id) { char *json_enc; @@ -220,7 +225,7 @@ ANASTASIS_CRYPTO_user_identifier_derive ( json_enc = json_dumps (id_data, JSON_COMPACT | JSON_SORT_KEYS); GNUNET_assert (NULL != json_enc); - GNUNET_CRYPTO_pow_hash (&server_salt->salt, + GNUNET_CRYPTO_pow_hash (&provider_salt->salt, json_enc, strlen (json_enc), &hash); @@ -332,9 +337,9 @@ ANASTASIS_CRYPTO_keyshare_encrypt ( sizeof (nonce)); anastasis_encrypt (&nonce, id, - sizeof (struct ANASTASIS_CRYPTO_UserIdentifierP), + sizeof (*id), key_share, - sizeof (struct ANASTASIS_CRYPTO_KeyShareP), + sizeof (*key_share), (NULL == xsalt) ? salt : xsalt, &eks, &eks_size); @@ -359,9 +364,9 @@ ANASTASIS_CRYPTO_keyshare_decrypt ( void *ks = NULL; anastasis_decrypt (id, - sizeof (struct ANASTASIS_CRYPTO_UserIdentifierP), + sizeof (*id), enc_key_share, - sizeof (struct ANASTASIS_CRYPTO_EncryptedKeyShareP), + sizeof (*enc_key_share), (NULL == xsalt) ? salt : xsalt, &ks, &ks_size); @@ -505,18 +510,6 @@ ANASTASIS_CRYPTO_core_secret_encrypt ( } -/** - * Decrypts the core secret with the master key. First the master key is decrypted with the provided policy key. - * Afterwards the core secret is encrypted with the master key. The core secret is returned. - * - * @param encrypted_master_key master key for decrypting the core secret, is itself encrypted by the policy key - * @param encrypted_master_key_size size of the encrypted master key - * @param policy_key built policy key which will decrypt the master key - * @param encrypted_core_secret the encrypted core secret from the user, will be encrypted with the policy key - * @param encrypted_core_secret_size size of the encrypted core secret - * @param[out] core_secret decrypted core secret will be returned - * @param[out] core_secret_size size of core secret - */ void ANASTASIS_CRYPTO_core_secret_recover ( const void *encrypted_master_key, @@ -561,11 +554,6 @@ ANASTASIS_CRYPTO_core_secret_recover ( } -/** - * Destroy a core secret encryption result. - * - * @param cser the result to destroy - */ void ANASTASIS_CRYPTO_destroy_encrypted_core_secret ( struct ANASTASIS_CoreSecretEncryptionResult *cser) @@ -579,4 +567,65 @@ ANASTASIS_CRYPTO_destroy_encrypted_core_secret ( } +const char * +ANASTASIS_CRYPTO_uuid2s (const struct ANASTASIS_CRYPTO_TruthUUIDP *uuid) +{ + static char uuids[7]; + char *tpk; + + tpk = GNUNET_STRINGS_data_to_string_alloc (uuid, + sizeof (*uuid)); + memcpy (uuids, + tpk, + sizeof (uuids) - 1); + GNUNET_free (tpk); + return uuids; +} + + +void +ANASTASIS_CRYPTO_recovery_metadata_encrypt ( + const struct ANASTASIS_CRYPTO_UserIdentifierP *id, + const void *meta_data, + size_t meta_data_size, + void **enc_meta_data, + size_t *enc_meta_data_size) +{ + const char *salt = "rmd"; + struct ANASTASIS_CRYPTO_NonceP nonce; + + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, + &nonce, + sizeof (nonce)); + anastasis_encrypt (&nonce, + id, + sizeof (*id), + meta_data, + meta_data_size, + salt, + enc_meta_data, + enc_meta_data_size); +} + + +enum GNUNET_GenericReturnValue +ANASTASIS_CRYPTO_recovery_metadata_decrypt ( + const struct ANASTASIS_CRYPTO_UserIdentifierP *id, + const void *enc_meta_data, + size_t enc_meta_data_size, + void **meta_data, + size_t *meta_data_size) +{ + const char *salt = "rmd"; + + return anastasis_decrypt (id, + sizeof (*id), + enc_meta_data, + enc_meta_data_size, + salt, + meta_data, + meta_data_size); +} + + /* end of anastasis_crypto.c */ diff --git a/src/util/os_installation.c b/src/util/os_installation.c index a23182e..cfcf3c3 100644 --- a/src/util/os_installation.c +++ b/src/util/os_installation.c @@ -3,7 +3,7 @@ Copyright (C) 2019, 2021 Anastasis SARL Anastasis is free software; you can redistribute it and/or modify - it under the terms of the GNU Affero General Public License as published + it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3, or (at your option) any later version. @@ -12,7 +12,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU Affero General Public License + You should have received a copy of the GNU General Public License along with Anastasis; see the file COPYING. If not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. diff --git a/src/util/pin.c b/src/util/pin.c new file mode 100644 index 0000000..0285bb0 --- /dev/null +++ b/src/util/pin.c @@ -0,0 +1,84 @@ +/* + This file is part of GNU Anastasis. + Copyright (C) 2021 Anastasis SARL + + Anastasis is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + Anastasis is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with Anastasis; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. +*/ + +/** + * @file anastasis/src/util/pin.c + * @brief pin conversion functions + * @author Christian Grothoff + */ +#include "platform.h" +#include "anastasis_util_lib.h" + + +bool +ANASTASIS_scan_pin (const char *as, + unsigned long long *pin) +{ + char dummy; + char s[16]; + + if ( (NULL != as) && + (0 == strncasecmp ("A-", as, 2)) ) + as += 2; /* skip "A-" prefix if present */ + if (strlen (as) != 18) + return false; + if ( ('-' != as[5]) || + ('-' != as[9]) || + ('-' != as[14]) ) + return false; + GNUNET_snprintf (s, + sizeof (s), + "%.5s%.3s%.4s%.3s", + as, + &as[6], + &as[10], + &as[15]); + if (1 != sscanf (s, + "%llu%c", + pin, + &dummy)) + { + GNUNET_break (0); + return false; + } + return true; +} + + +const char * +ANASTASIS_pin2s (uint64_t pin) +{ + static char buf[22]; + char tmp[16]; + + GNUNET_assert (pin < ANASTASIS_PIN_MAX_VALUE); + GNUNET_snprintf (tmp, + sizeof (tmp), + "%015llu", + (unsigned long long) pin); + GNUNET_snprintf (buf, + sizeof (buf), + "A-%.5s-%.3s-%.4s-%.3s", + tmp, + &tmp[5], + &tmp[8], + &tmp[12]); + return buf; +} diff --git a/src/util/test_anastasis_crypto.c b/src/util/test_anastasis_crypto.c index 428aebf..6132e35 100644 --- a/src/util/test_anastasis_crypto.c +++ b/src/util/test_anastasis_crypto.c @@ -3,16 +3,16 @@ Copyright (C) 2014-2020 Anastasis SARL Anastasis is free software; you can redistribute it and/or modify - it under the terms of the GNU Affero General Public License as + it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3, or (at your option) any later version. Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU Affero General Public License for more details. + GNU General Public License for more details. - You should have received a copy of the GNU Affero General Public + You should have received a copy of the GNU General Public License along with Anastasis; see the file COPYING. If not, see <http://www.gnu.org/licenses/> */ @@ -41,11 +41,11 @@ test_user_identifier_derive (void) struct ANASTASIS_CRYPTO_UserIdentifierP id_1; struct ANASTASIS_CRYPTO_UserIdentifierP id_2; struct ANASTASIS_CRYPTO_UserIdentifierP id_3; - struct ANASTASIS_CRYPTO_ProviderSaltP server_salt; + struct ANASTASIS_CRYPTO_ProviderSaltP provider_salt; char *salt_str = "Server-Salt-Test"; - GNUNET_memcpy (&server_salt, + GNUNET_memcpy (&provider_salt, salt_str, strlen (salt_str)); // sample data 1 @@ -59,13 +59,13 @@ test_user_identifier_derive (void) json_object_set_new (id_data_3, "arg1", json_string ("Hallo2")); ANASTASIS_CRYPTO_user_identifier_derive (id_data_1, - &server_salt, + &provider_salt, &id_1); ANASTASIS_CRYPTO_user_identifier_derive (id_data_2, - &server_salt, + &provider_salt, &id_2); ANASTASIS_CRYPTO_user_identifier_derive (id_data_3, - &server_salt, + &provider_salt, &id_3); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "UserIdentifier_1: %s\n", @@ -97,19 +97,19 @@ test_recovery_document (void) void *plaintext; size_t size_plaintext; struct ANASTASIS_CRYPTO_UserIdentifierP id; - struct ANASTASIS_CRYPTO_ProviderSaltP server_salt; + struct ANASTASIS_CRYPTO_ProviderSaltP provider_salt; int ret; json_t *id_data = json_object (); const char *test = "TEST_ERD"; char *salt_str = "Server-Salt-Test"; - GNUNET_memcpy (&server_salt, + GNUNET_memcpy (&provider_salt, salt_str, strlen (salt_str)); json_object_set_new (id_data, "arg1", json_string ("ID_DATA")); ANASTASIS_CRYPTO_user_identifier_derive (id_data, - &server_salt, + &provider_salt, &id); ANASTASIS_CRYPTO_recovery_document_encrypt (&id, test, @@ -296,17 +296,17 @@ test_public_key_derive (void) { struct ANASTASIS_CRYPTO_UserIdentifierP id; struct ANASTASIS_CRYPTO_AccountPublicKeyP pub_key; - struct ANASTASIS_CRYPTO_ProviderSaltP server_salt; + struct ANASTASIS_CRYPTO_ProviderSaltP provider_salt; json_t *id_data = json_object (); const char *salt_str = "Server-Salt-Test"; - GNUNET_memcpy (&server_salt, + GNUNET_memcpy (&provider_salt, salt_str, strlen (salt_str)); json_object_set_new (id_data, "arg1", json_string ("ID_DATA")); ANASTASIS_CRYPTO_user_identifier_derive (id_data, - &server_salt, + &provider_salt, &id); ANASTASIS_CRYPTO_account_public_key_derive (&id, |